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Abstract. We introduce improvements in the algorithm by Gastin and 
Oddoux translating LTL formulae into Biichi automata via very weak 
alternating co-Biichi automata and generalized Biichi automata. Sev- 
eral improvements are based on specific properties of any formula where 
each branch of its syntax tree contains at least one eventually opera- 
tor and at least one always operator. These changes usually result in 
faster translations and smaller automata. Other improvements reduce 
non-determinism in the produced automata. In fact, we modified all 
the steps of the original algorithm and its implementation known as 
LTL2BA. Experimental results show that our modifications are real im- 
provements. Their implementations within an LTL2BA translation made 
LTL2BA very competitive with the current version of SPOT, sometimes 
outperforming it substantially. 

This is a full version of [T] published at TACAS 2012. 



1 Introduction 

A translation of LTL formulae into equivalent Biichi automata plays an impor- 
tant role in many algorithms for LTL model checking, LTL satisfiability checking 
etc. For a long time, researchers aimed to find fast translations producing Biichi 
automata with a small number of states. This goal has led to the developments 
of several translation algorithms and many heuristics and optimizations includ- 
ing input formula reductions and optimizations of produced Biichi automata, 
see e.g. [3l4IOIl8lllll^TTOT7] . 

As the time goes, the translation objectives and their importance are chang- 
ing. In particular, [17j demonstrates that for higher performance of the subse- 
quent steps of the model checking process, it is more important to minimize the 
number of states with nondeterministic choice than the number of all states in 
resulting automata. Note that there are LTL formulae, e.g. FGa, for which no 
equivalent deterministic Biichi automaton exists. Further, model checking prac- 
tice shows that one LTL formula is usually used in many different model checking 
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tasks. Hence, it pays to invest enough computation time to get high quality (more 
deterministic and/or minimal) automata as it may reduce computation time of 
many model checking tasks. 

The new objectives lead to the developments of algorithms focusing on quality 
of produced automata. For example, [5] presents an effective algorithm translat- 
ing LTL formulae of the fragment called obligation (see |14j ) into weak deter- 
ministic Biichi automata (WDBA). Moreover, WDBA can be minimized by the 
algorithm of [13] . There is also a SAT-based algorithm searching for minimal 
(nondeterministic) Biichi automata [5]. The main disadvantage of all the men- 
tioned determinization and minimization algorithms is their long running time 
which limits their use. 

Our research returns to the roots: we focus on a fast translation producing 
a relatively good output. This approach is justified by the following facts: 

— The mentioned algorithms producing high quality automata often need, for 
a given LTL formula, some equivalent automaton as an input. 

— The mentioned algorithms are usually feasible for short formulae only or for 
formulae with a simple structure. 

— Given a fresh LTL formula, it can be useful to run vacuity checks, namely 
satisfiability of the formula and its negation, to detect bugs in the formula. In 
these checks, time of the LTL to automata translation can be more significant 
than time needed for subsequent computations (see [16] ). Hence, we need a 
fast translator to support an early detection of bugs in formulae. 

Considering the speed of an LTL to Biichi automata translation, LTL2BA [TT] 
and SPOT [7] are two leading tools. Based on extensive experiments on LTL 
satisfiability checking, [TS] even states: 

The difference in performance between SPOT and LTL2BA, on one 
hand, and the rest of explicit tools is quite dramatic. 

Each of the two tools is based on different algorithms. 

In LTL2BA, the translation proceeds in three basic steps: 

1. A given LTL formula is translated into a very weak alternating automaton 
(VWAA) with a co-Biichi accepting condition. 

2. The alternating automaton is then translated into a transition-based gener- 
alized Biichi automaton (TGBA), i.e. a generalized Biichi automaton with 
sets of accepting transitions instead of accepting states. 

3. The generalized automaton is transformed (degeneralized) into a Biichi au- 
tomaton (BA). 

Each of the three automata is simplified during the translation. 

SPOT translates a given LTL formula to a TGBA using a tableau method 
presented in pjj. The TGBA is then translated to a BA. Note that the model 
checking algorithm natively implemented in SPOT works directly with TGBAs. 
Prior to a translation, both LTL2BA and SPOT try to decrease the number of 
temporal operators in a given input formula by applications of reduction rules. 



While the LTL to automata translation in SPOT is under the gradual devel- 
opment following the current trends (see [B] for improvements made in the last 
four years) , LTL2BA underwent only one minor update in 2007 since its creation 
in 2001. In particular, SPOT reflects the changes in objectives. Therefore, SPOT 
usually produces more deterministic and smaller automata than LTL2BA, while 
LTL2BA is often a bit faster. 

Our contribution. We introduce several modifications of LTL2BA on both 
algorithmic and implementation levels. We suggest changes in all the steps of 
the translation algorithm. Our experimental results indicate that each modified 
step has a mostly positive effect on the translation. The new translator, called 
LTL3BA, is usually faster than the original LTL2BA and it produces smaller 
and more deterministic automata. Moreover, comparison of LTL3BA and the 
current version of SPOT (run without WDBA minimization that is very slow) 
shows that the produced automata are of similar quality and LTL3BA is usually 
faster. 

Some modifications employ an observation that each LTL formula contain- 
ing at least one always operator and at least one eventually operator on each 
branch of its syntax tree (with possible exceptions of branches going to the left 
subformula of any until or release operator) is prefix invariant. We call them al- 
ternating formulae. Indeed, validity of each alternating formula on a given word 
u depends purely on a suffix of u. In other words, it is not affected by any finite 
prefix of u. We apply this observation to construct new rules for formula reduc- 
tions. Further, the observation justifies some changes in constructions of VWAA 
and TGBA. Intuitively, a state of a VWAA corresponds to a subformula that 
has to be satisfied by the rest of an accepted word. If the corresponding subfor- 
mula is an alternating formula, then the state can be temporarily suspended for 
finitely many steps of the automaton. 

Other changes in a VWAA construction are designed to lower nondetermin- 
ism. This is also a motivation for new simplification rules applied on intermediate 
automata. These rules remove some transitions of the automaton and hence re- 
duce the number of nondeterministic choices in produced automata. The original 
simplification rules can be seen as special cases of the new rules. An effective 
implementation of this simplification required to change representation of tran- 
sitions. Further, we add one ad-hoc modification speeding up the translation of 
selected (sub)formulae. Finally, we modify a simplification rule merging some 
states of resulting BA. 

The rest of the paper is organized as follows. The next section recalls the 
definitions of LTL, VWAA, and TGBA. Section [3] focuses on alternating for- 
mulae and its properties. Sections [4j [5j [6j and [7] present new rules for formula 
reductions, modified translation of LTL to VWAA (including generalized sim- 
plification of VWAA), modified translation of VWAA to TGBA, and modified 
rule for simplification of BA, respectively. Finally, Section [8] is devoted to exper- 
imental results. The last section summarizes the achieved improvements. 



2 Preliminaries 



In this section, we recall the definition of LTL and definitions of VWAA and 
TGBA as presented in [TT] . 

Linear Temporal Logic (LTL) The syntax of LTL [T5] is defined as follows 

ip ::= tt | a | -><p \ p V ip \ p A <p \ Xip \ pUip, 

where tt stands for true, a ranges over a countable set AP of atomic propositions, 
X and U are temporal operators called next and until, respectively. The logic is 
interpreted over infinite words over the alphabet E = 2 AP , where AP' C AP is 
a finite subset. Given a word u — w(0)u(l)u(2) ... & E u , by m we denote the i th 
suffix of u, i.e. Ui = u(i)u(i + 1) . . .. 

The semantics of LTL formulae is defined inductively as follows: 

u \= tt 

u\= a iff a G u(0) 

u \= ~^(p iff u Y= ip 

u \= ipi V ip 2 iff u \= ipi or u \= ip2 

u \= pi /\ ip2 iff u\= ipi and u |= ip2 

u |= Xip iff u\ \= ip 

u|=^iU^2 iff 3i > . ( Ui |= p2 and V < j < i . Uj \= ipi) 

We say that a word u satisfies ip whenever u \= ip. Two formulae ip, ip are 
equivalent, written ip = ip, if for each alphabet S and each u £ it holds 
u \= ip u \= ip. Given an alphabet S, a formula <p defines the language 

L s (ip) — {u <E S u | u |= tp}. We often write L(tp) instead of L 2 v (ip), where 
AP(ip) denotes the set of atomic propositions occurring in the formula p. 

We extend the LTL with derived temporal operators: 

— Fp called eventually and equivalent to ttU p, 

— Gp called always and equivalent to ->F-iy>, and 

— pRip called release and equivalent to ^(^<p U^ip). 

In the following, temporal formula is a formula where the topmost operator is 
neither conjunction, nor disjunction. A formula without any temporal operator 
is called state formula. Note that a and tt are both temporal and state formulae. 
An LTL formula is in positive normal form if no operator occurs in the scope of 
any negation. Each LTL formula can be easily transformed to positive normal 
form using De Morgan's laws for operators V and A, equivalences for derived 
operators, and the following equivalences: 



^(p 1 \J p 2 ) = ^P } lR^ l P2 ^(fl R^2) = ~"Pl U ^P2 -<X(p = X-«p 



Biichi Automata (BA) A BA is a tuple B = (Q, E, 6, I, F), where 



— Q is a finite set of states, 

— E is a finite alphabet, 

— S : Q — > 2 s x ® is a total transition function, 

— I C Q is a set of initial states, and 

— i* 1 C Q is a set of accepting states. 

Automaton is deterministic if and only if |/| = f and \S(q, a)\ < 1 for all g e Q 
and a £ E. 

A run p of B over an infinite word w = w(0)w(l)w(2) . . . e E" is a sequence 
P = Q0Q1Q2 ■ ■ ■, where q € / is an initial state and q i+ i e S(qi,w(i)) for all 
i > 0. The run p is accepting if some accepting state occurs infinitely often in 
the sequence <Zo9i<72 • • •• An infinite word u> is accepted by an automaton £> if 
some run of B over w is accepting. 

We denote by L(B) the language accepted by B, i.e. the set of all words 
over S accepted by an automaton B. 

Very Weak Alternating co-Biichi Automata (VWAA) A VWAA is a 
tuple A = (Q, E, S, I, F), where 

— Q is a finite set of states, and we let Q' = 2® , 

— £ is a finite alphabet, and we let S' — 2 s , 

— 5 : Q ^> 2 s x ® is a transition function, 

— I C Q' is a set of initial states, 

— F C Q is a set of accepting states, and 

— there exists a partial order on Q such that, for each state q £ Q, all the 
states occurring in 5(g) are lower or equal to q. 

Note that the transition function 5 uses S' instead of S. This enables to merge 
transitions that differ only by action labels. We sometimes use a propositional 
formula a over AP to describe the element {a € £ | a satisfies a} of £'. 

A ritK <7 of VWAA A over a word w = w(0)w(l)w(2) . . . e is a labelled 
directed acyclic graph (V, E, A) such that: 

00 00 

— V is partitioned into (J Vj with £C (J x V^+i, 

i=0 i=0 

— A : V — >• Q is a labelling function, 

— {X(x) I a; e V a } e I, and 

— for each x € V^, there exist a e Z", q E Q and O <E Q' such that w(i) € a, 
g = A(x), O = {A(y) | (x, y) e S}, and (a, O) € (5(g). 

A run cr is accepting if each branch in <r contains only finitely many nodes labelled 
by accepting states (co-Biichi acceptance condition). A word w is accepted if 
there is an accepting run over w. 

We denote by L(A) the language accepted by A, i.e. the set of all words 
over E accepted by an automaton A. 



Transition Based Generalized Biichi Automata (TGBA) A TGBA is a 
tuple Q = (Q,E,S,I, F), where 



— Q is a finite set of states, 

— S is a finite alphabet, and we let £' = 2 s 

— S : Q — > 2 s x< 2 is a total transition function, 

— I C Q is a set of initial states, and 

— T = {Ti ,T 2 , . . . , T m } where C Qx £' xQ are sets of accepting transitions. 

A run p of TGBA over a word u> = w(0)w(l)w(2) . . . G E u is a sequence 
of states p — go9i92 ■ ■ ■ , where go G ^ is an initial state and, for each i > 0, there 
exists a£? such that G a and (a, ft+i) G 5 (g^) . A run p is accepting if for 
each 1 < j < m it uses infinitely many transitions from Tj . A word w is accepted 
if there is an accepting run over w. 

We denote by L(Q) the language accepted by Q, i.e. the set of all words 
over S accepted by an automaton Q. 

3 Alternating Formulae 

We define the class of alternating formulae together with the classes of pure 
eventuality and pure universality formulae introduced in [9]. Let ip ranges over 
general LTL formulae. The following abstract syntax equations define the classes 
pure eventuality formulae p, pure universality formulae v, and alternating for- 
mulae £: 

/i. ::= Fip | (UV/i | /iA/i | X/i | tp\J p | pR/i | Gp 

f ::= G<p | v\l v \ v hv \ Xv \ vUv \ ipRv \ Vv 

£::=Gn | Fu | £v£ I £A£ | X£ | | R£ I F £ | G£ 

Note that there are alternating formulae, e.g. (a U (GF6)) A (c R (GFc?)) , that are 
neither pure eventuality formulae, nor pure universality formulae. Properties of 
the respective classes of formulae are summarized in the following lemmata. 

Lemma 1. JfJjj Every pure eventuality formula p satisfies the following: 

Vw G , u G S* : w \= p => uw \= p 
Further, every pure universality formula v satisfies the following: 

Vw € S u , u G S* : uw \= v =>■ w\= v 

In other words, pure eventuality formulae define left-append closed languages 
while pure universality formulae define suffix closed languages. 

Lemma 2. Every alternating formula £ satisfies the following: 



Vw G S w ,u G S* : uw |= £ 



w\=t 



In other words, each alternating formula defines a prefix-invariant language. 

Proof. The proof proceeds by induction on the structure of £. We assume that 
w G S u is an arbitrary infinite word and u <= S* is an arbitrary finite word. 

£ = G/i - The semantics of G operator directly provides one implication, namely 
uw \= G/i w \= G/i. As /i is a pure eventuality formula, Lemma [l] gives 
us W G 17* : w \= /i =>■ m'ui |= /i. This implies w |= G/i ==>• uk; |= G/i. 
In total, we get w \= G/i <^=> uui (= G/i. 

£ = F^ - The semantics of F operator directly provides one implication, namely 
w |= Fv =>• «w |= Fia As v is a pure universality formula, Lemma [I] gives 
us W G S* : u'w \= v =>■ uj |= f. This implies uw \= Vv w \= Vv. In 
total, we get w \= Vv •<=>■ uw \= Vv. 

£ = <ysU£i - From the induction hypothesis, it follows that F£i =>■ ^i. Hence, 
p U £i = £i holds. Thus, the statement coincides with the induction hypoth- 
esis. 

£ = pR£,i - From the induction hypothesis, it follows that £i =4> G£i and 
thus also £i yR£i. As i/jR^ => £i, we get <^R£i = £i. Hence, the 

statement coincides with the induction hypothesis. 

£ = £i V £2 or £ = £1 A £2 or £ = X£i or £ = F£i or £ = G£i - In all these cases, 
the statement easily follows from the induction hypothesis. □ 

Corollary 1. Every alternating formula £ satisfies £ = X£. 

Hence, in order to check whether w satisfies £ it is possible to skip an arbitrary 
long finite prefix of the word w. 

We use this property in new rule for formula reduction. Further, it has 
brought us to the notion of alternating formulae suspension during the transla- 
tion of LTL to Biichi automata. We employ suspension on two different levels 
of the translation: the construction of a VWAA from an input LTL formula and 
the transformation of a VWAA into a TGBA. 

4 Improvements in Reduction of LTL Formulae 

Many rules reducing the number of temporal operators in an LTL formula have 
been presented in 18 and |9 . In this section we present some new reduction 
rules. For the rest of this section, ip, ip range over LTL formulae and 7 ranges 
over alternating ones. 

Xp> RXip = X(p Rip) (/? U 7 = 7 F7 = 7 X 7 = 7 
Xtp V = X(p V ip) <pR7 = 7 G7 = 7 

The following equivalences are valid only on assumption that p implies ip. 



tpU O/JU7) = ip\J-f p A (ip A 7) = (p A 7) 

(ipR~/)Rp = "/Rp ip V {p V 7 ) = (ip V 7 ) 

pU(jR(ipUp))=jR(tpUp) 



Further, we have extended the set of rules deriving implications of the form 
if tp. The upper formula is a precondition, the lower one is a conclusion. 

Gip tp <p Ftp if tp 

Gp ^ Xip Xip Ftp Xip ^ 

5 Improvements in LTL to VWAA Translation 

First, we recall the original translation of LTL to VWAA according to [XT] , The 
translation utilizes two auxiliary operators: 

- Let £' = 2 s , and let Q' = 2®. Given J 1: J 2 G 2 S ' X Q' , we define 

Ji ® J 2 = {(«i n a 2 , Oi U 2 ) I {ax, Ox) G Ji and (a 2 , 2 ) G J 2 }. 

— Let tp be an LTL formula in positive normal form. We define tp by: 

• tp = {{tp}} if tp is a temporal formula, 

• tpx A tp 2 = {Ox U 2 | Oi G tpi and 2 G V2}, 

• tpi V V»2 = tpi U -0 2 . 

Let <p be an LTL formula in positive normal form. An equivalent VWAA with 
a co-Buchi acceptance condition is constructed as A v = (Q, S, S, I, F), where Q 
is the set of temporal subformulae of <p, E = 2 AP ^>, I = Tp, F is the set of all 
U-subformulae of ip, i.e formulae of the type tpi U ip 2 , and 5 is defined as follows: 



S(tt) 


= {{ZM 


5{p) 


= {(S p , 0)} where £ p = {a € £ \ p € a} 




= {{S^ p , 0)} where S^ p = E x E p 


S{XtP) 


= {(£,0)\Oei>} 


S{tpxUtp 2 ) 


= A(tp 2 ) u {A{tPx) ® {Vi U V2})}) 


5{tPxRtp 2 ) 


= zi(V> 2 ) ® U {(£, {V^i R V2})}) 


A{tP) 


= <5(V') if V' is a temporal formula 


A{tPx V tp 2 ) 


= A(tPx)UA{tp 2 ) 


A{tPx A tp 2 ) 


= A{tPx) ® A{tp 2 ) 



Using the partial order "is a subformula of" on states of A v , one can easily prove 
that A v is very weak. 

Improved Translation In order to implement the suspension of alternating 
formulae, we modify the way the transition function 5 handles the binary op- 
erators U, R, V, and A. The original transition function S reflects the following 
identities: 

<Px U (p 2 = ¥>2 V {ipi A X{ipi U ip 2 )) 
<Px R ¥2 = <P2 A ((fix V X{(px R <p 2 )) 



However, if tpi is an alternating formula we apply the relation tpi = Xipi to 
obtain the following identities: 

ipi U ip 2 = <fi2 V (Xipx A X((pi U <p 2 )) 
ipx R ip 2 = <p 2 A (Xipx V X(^! R ip 2 )) 

Using these identities, the formula ipi is effectively suspended and checked one 
step later. Similarly, in the case of disjunction or conjunction, each disjunct or 
conjunct corresponding to an alternating formula is suspended for one step as 
well. Correctness of these changes clearly follows from properties of alternating 
formulae. Note that 5 is defined over formulae in positive normal form only. The 
translation treats each formula Ftp as ttUip and each formula Gtp as (—*tt) Rtp. 

We introduce further changes to the transition function S in order to generate 
automata which exhibits more determinism. In particular, we build a VWAA 
with only one initial state. Similarly, each state corresponding to a formula of 
a type Xip generates only one successor corresponding to <p. These changes can 
add an extra initial state and an extra state for each X-subformula comparing 
to the original construction. However, this drawback is often suppressed due to 
the consecutive optimizations during the construction of a TGBA. 

Now we present a modified construction of VWAA. Given an input LTL 
formula ip in positive normal form, an equivalent VWAA with a co-Biichi accep- 
tance condition is constructed as A v = (Q,E,S,I,F), where Q is the set of all 
subformulae of ip, E and F are defined as in the original construction, / = {</?}, 
and S is defined as follows: 

mm 

{(E p , 0)} where E p = {a e E \ p e a} 
{(£_ p ,0)} where E^ p = E\E p 

mm)} 

f^(^)U({(27,{^i})}®{(17,{^iU^})}) if -01 is alternating, 
\ A(ip 2 ) U (A^t) <g> {(E, {Vi U ip 2 })}) otherwise. 

( A(ip 2 ) ® ({(E, {ipi}), (E, {^ij RV2})}) if fl>i is alternating, 
\ A(^p 2 ) (A{tpi) U {(E, {i/'i R 2 })}) otherwise. 

{{(E, {ip})} if -0 is a temporal alternating formula, 
S(tp) if ip is a temporal formula that is not alternating. 

A(ih) ® A(ip 2 ) 

Motivation for our changes in the translation can be found in Figures [T] 
and[2j Each figure contains (a) the VWAA constructed by the original translation 
and (b) the VWAA constructed by our translation with suspension. Figure [I] 
shows the effect of suspension of alternating subformula GFa in computation of 
transitions leading from the initial state. It can be easily proved that whenever 



§{tt) = 
S(P) = 
Shp) = 
5W>) = 
S(ipi V V2) = 
S(i>i A -02) = 

Styi Uip 2 ) = 
5(tpiRi> 2 ) = 



A{^) = 

= 

A(iP! A0 2 ) = 




Fig. 1. VWAA for (GFa) U b generated by (a) the translation of [TT], (b) our translation 
with suspension, and (c) our translation with suspension and further determinization. 



(a) 



(6) 



(c) 



(l : X(o V b)) 




1 

(l : X(q V b)] 



(2 : a V b) 



* 

[l : X(q V b)] 



(2 : q V b) 



Fig. 2. VWAA for X(qVb) generated by (a) the translation of [TT], (b) our translation 
with suspension, and (c) the translation with suspension and further determinization. 



one start with a formula reduced according to Section |4j then each suspension 
of an alternating temporal subformula leads just to reduction of transitions in 
the resulting VWAA, i.e., no state is added. On the other hand, if an alternating 
non-temporal subformula tjj is suspended or the new definition of 5(X-ip) is used, 
then the resulting VWAA can contain one more reachable state corresponding to 
the formula ip. However, other states may become unreachable and, in particular, 
the automaton can also have more deterministic states as illustrated by Figure [2j 

Optimization of VWAA In the original algorithm, the VWAA is optimized 
before it is translated to a TGBA. In particular, if there are two transitions 
ti = (q,a>i,Oi) and t 2 = (9,0:2,02) satisfying a 2 C a\ and 0\ C 2 , then t 2 is 
removed as it is implied by t\. 

We suggest a generalization of this principle: if 0\ C O2 then replace the 
label a?, in t 2 by a 2 A->ai. If 0\ — 2 , replace both transitions by the transition 
{q,oei V a 2 ,0\). Note that if a 2 => ax, i.e. a 2 C a±, then a 2 A ->ai = ->tt 



and transition t% can be removed as before. Our generalized optimization rule 
increase determinism of the produced VWAA as illustrated by automata (c) of 
Figures [T] and [2] 

6 Improvements in VWAA to TGBA Translation 

First, we recall the translation of VWAA to TGBA introduced in [TT]. Let A v = 
(Q, S 1 S, I, F) be a VWAA with a co-Biichi acceptance condition. We define 
Q A = (Q 1 , S, 8', /, T) to be a TGBA where: 

— Q' — 2^, i.e. a state is a set of states of A v and represents their conjunction, 

n 

— <5"({<7i, (j2, • • • , q n }) = ® <K?i) is the non-optimized transition function, 

i=l 

— 5' is the optimized transition function defined as the set of ^-minimal tran- 
sitions of 8" where the relation =<; is defined by t\ =<; t 2 iff t\ = (0,ai,0\), 
h = (O, a 2l 2 ), a 2 C ai, O x C 2 , and VTj eT, t 2 eT / ^fi£ T /f and 

— T = {Tj | / e f } where 

T/ = {(O, a, 0')\f& O' or 3(/3, O") £ 5(f), a C and / g O" C O'}. 

Improved Translation Our algorithm for a VWAA to TGBA translation dif- 
fers from the original one only in definition of 5, where we also integrate the idea 
of suspension of alternating formulae. Recall that each state of a VWAA is 
a subformula of an input LTL formula and each state of a TGBA is identified 
with a conjunction of states of a VWAA. Let O = {qx, ■ ■ ■ , q n } be a state of a 
TGBA. Then transitions leading from O in a TGBA correspond to combinations 
of transitions leading from q±, . . . , q n in a VWAA. If q^ is an alternating formula 
and thus it satisfies q { = Xg i; we can effectively decrease the number of transition 
combinations that need to be considered during computation of S'(0) provided 
we suspend a full processing of qi to the succeeding states of the TGBA. More 
precisely, for the purpose of computation of S'(O), we set S(qi) = {(£, {qi})}- To 
construct a TGBA equivalent to the VWAA, we have to ensure that qi will not 
be suspended forever during any accepting run of the TGBA. Hence, we enable 
suspension only in the states that are not on any accepting cycle in a TGBA. 

Let M be the minimal set containing all VWAA states of the form ip R p and 
all subformulae of their right operands p. One can observe each TGBA state 
lying on some accepting cycle is a subset of M, The VWAA states outside M, 
called progress formulae, push TGBA computations towards accepting cycles. 
Suspension is enabled in a TGBA state only if it contains a progress formula. 
However, if all progress formulae in a TGBA state are alternating, their sus- 
pension is not allowed (as suspended progress formulae would not enforce any 
progress). 

Formally, for each TGBA state O — {qi,q 2 , ■ ■ ■ , q n } we define 5"(0) as fol- 
lows: 

n 

S"(0) =® 6 { qi ), where 



a tt 




Fig. 3. A VWAA Aj, corresponding to Fig. 4. A TGBA corresponding to 

GFa A Fb. the VWAA of Figure [3] 

' {(£, {<?«})} if O contains a progress non-alternating formula 
and qi is an alternating formula, 
§ Q (q.\ = < or O contains a progress formula 

and qi is an alternating non-progress formula, 

k 5(qi) otherwise. 

We have obtained better results when we restrict the definition of progress for- 
mulae to temporal progress formulae. 

Note that the original translation of VWAA to TGBA uses a correct but non- 
intuitive definition of accepting sets Tf. In fact, our modification is correct only 
if we change the definition of these sets to intuitive one: for each accepting state 
/ of the VWAA with a co-Biichi acceptance, we compute a set Tf to contain 
all TGBA transitions that do not contain any VWAA transition looping in /. 
Formally, T = {Tf | / e F} where 

T f = {(O, a, 0)\ft O' or (3(0, O") € *(/), 3( 7 , 0">) € ® / , GO x{/} *(/') 

such that / ^ O", a = f3 A 7, and O' = O" U O'")}. 



Incorrectness of the improved VWAA to TGBA translation in connection 
with the original definition of accepting sets is illustrated by the TGBA Q v of 
Figure [5] constructed from the VWAA A v of Figure [6] Thanks to the accepting 
cycle between states {1,2,4} and {1,2,5}, automaton Q v accepts the infinite 
word w = ({pi,p 2 }{P3}) w - Note that w y= GFg and hence also w ^= i> A GFq. 
Thus, w is not accepted by VWAA A v as A v corresponds to the formula ip = 
ip A GFq. Figure [7] depicts the TGBA Q' v automaton produced by the improved 
translation with the new definition of accepting sets. One can easily see that Q' v 
does not accept w. 

To demonstrate the effect of suspension during the construction of a TGBA, 
consider the VWAA A^p for the formula if> = GFa A Fb depicted in Figure [3| 
The construction of an equivalent TGBA starts in the initial state {1,2} 
that corresponds to a conjunction of states 1 and 2 of A$. Figure [H] depicts 
the transitions of leading from the initial state when constructed by (a) the 
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(5 : pi Rp 2 ) 



P2 

Fig. 5. A VWAA corresponding to formula ip = t/i A GFg, where V 1 = (X((pi RP2) V 

(- P lUp3)))Upi. 
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Fig. 6. A TGBA C/^ corresponding to the VWAA of Figure [5] constructed using original 
definition of accepting sets. 
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Fig. 7. A correct TGBA Q' v corresponding to the VWAA of Figure [5] constructed using 
modified definition of accepting sets. 
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Fig. 8. Transitions leading from state {1,2} in the TGBA constructed from the VWAA 
of Figure [3] by (a) the translation of [TT] and by (b) our translation with suspension. 



original translation of and by (b) our translation with suspension. Note 
that the state 1 corresponding to the alternating formula GFa is suspended in 
the TGBA state {1,2} as the state 2 corresponds to a non- alternating progress 
formula Fb. In both cases, the TGBA has two sets of accepting transitions, T 2 
and T3 . Each transition in the TGBA is labelled by a prepositional formula over 
AP and by a subset of {2,3} indicating to which sets of T 2 ,Tz the transition 
belongs. 

Comparing to the original VWAA to TGBA translation without any opti- 
mizations, the application of suspension leads to automata with fewer states. 
However, if we enable the optimizations suggested in |llj . the original transla- 
tion often constructs automata with the same number of states as our translation 
with suspension. For example, in the TGBA constructed from the VWAA of Fig- 
ure [3j the optimizations merge states {1,2,3} and {1,3} with {1,2} and {1}, 
respectively. In this particular case, both approaches lead to the same automaton 
Gip as shown in Figure |4j However, this is not the case in general. Using suspen- 
sion, automata with either more or less states can be constructed. However, the 
translation with suspension is usually slightly faster. 

In addition, we detect that both the original and the improved algorithms 
spend a lot of time when computing transitions of TGBA states equivalent to a 
formula of the form p = Goto A Ai<i<n where n > and ao, OL\,...,a n are 
formulae without any temporal operator. As such TGBA states are very frequent 
in practice, we use an optimization that detects these TGBA states and directly 
constructs the optimal transitions. 



7 Optimization of BA 



We slightly modify one optimization rule suggested in [IT] . It is applied on 
a resulting BA. The rule says that states q\ and q 2 of a BA can be merged if 
<5(<?i) = ^(92) and q\ G F q 2 G F. This rule typically fails to merge the states 
with a self loop. We suggest to add a new rule where the condition 6(q±) = S(q 2 ) 
is replaced by S(qi)[qi/r] — S(q 2 )[q 2 /r], where r is a fresh artificial state and 
S(q)[q/r] is a S(q) with all occurrences of q as a target node replaced by r. 
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SPOT 


1561 


5 729 


7.47 


55 


14 697 


95 645 


68.46 


221 


SPOT+WDBA 


1587 


5 880 


10.81 


88 


13 097 
(14 408) 


77 346 
(94 248) 


5 916.45 
(5 919.43) 


373 
(373) 


LTL2BA 


2118 


9 000 


0.81 


25 


24 648 


232 400 


18.57 


84 


LTL3BA(1) 


1621 


5 865 


1.26 


27 


17107 


129 774 


22.25 


92 


LTL3BA(1,2) 


1631 


6 094 


1.41 


54 


15 936 


115 624 


9.04 


237 


LTL3BA(1,2,3) 


1565 


5 615 


1.41 


54 


14113 


91159 


8.53 


240 


LTL3BA(1,2,3,4) 


1507 


5 348 


1.38 


54 


13 244 


85 511 


8.30 


240 



Table 1. Comparison of translators on two sets of random formulae. Time is in seconds, 
'det. BA' is the number of deterministic automata produced by the translator. Note 
that, using WDBA minimization, SPOT failed to translate 6 formulae of Benchmark2 
within the one hour limit. In order to see the effect of WDBA minimization to other 
formulae, we state in braces the original results increased by the values obtained when 
these 6 formulae were translated withut WDBA minimization. 



8 Implementation and Experimental Result 

We have implemented all the modifications suggested in the previous sections 
(and formula reduction rules suggested in [9]) in order to evaluate their effect. 
The implementation is based on LTL2BA and therefore called LTL3BA. Be- 
sides the changed algorithms, we also made some other, implementation related 
changes. In particular, we represent transition labels by BDDs and transitions 
are represented by C++ STL containers. 

In this section, we compare LTL3BA with LTL2BAQ (vl.l) and SPOI^] 
(vO.7.10 For the comparison of results, we use lbtt testbench tool [TH] to 
measure, for each translator, the number of states and transition^ of resulting 
automata, and the time of the computation. Further, we extend lbtt to count 
the number of produced deterministic automata. To be able to compare the re- 
sults, we set SPOT (option -N) to output automata in the form of never claim 
for SPIN as that is the output of LTL2BA as well. All experiments were done 
on a server with 8 processors Intel® Xeon® X7560, 448 GiB RAM and a 64- 
bit version of GNU/Linux. However, all three translators are single threaded, 
therefore, they can utilize only one CPU core. 



1 Available online at http://www.lsv.ens-cachan.fr/-gastin/ltl2ba/index.php 



http : //spot . Iip6 . f r/wiki/ 



Available online at 

In version version 0.7.1, SPOT contains a small bug in TGBA degeneralization. We 
reported this problem to authors and they provided a corresponding fix which we 
have applied. Therefore, the version of SPOT we have actually used differs a bit 
from the current version 0.7.1 that is publicly available. 

To solve the problem with different representation of transitions in automata pro- 
duced by different tools, we count all transitions leading from a state q to a state r 
as one. 
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Fig. 9. Running times of LTL to BA translators on parametric formula n of [TTj (the 
vertical axe is logarithmic and represent time in seconds, while the horizontal axe is 
linear and represent the parameter n). 



First we compare the translators on two sets, Benchmark! and Bcnchmark.2, 
of random formulae generated by lbtt. Benchmark! contains 100 formulae of 
the length 15-20 and their negations. Benchmark2 contains 500 formulae of the 
length 15-30 and their negations. The exact lbtt parameters used to generate 
the formulae are in Appendix[XJ Table[TJpresents the cumulative results of trans- 
lations of all formulae in the two sets. The table also illustrates the gradual effect 
of modifications of each step of the translation (1,2,3,4 refers to modifications 
introduced in Sections [3J [5j [6j and [7] in the respective order; e.g. LTL3BA(1) 
uses the original algorithm with our formula reduction while LTL3BA(1,2,3,4) 
refers to the translation with all the suggested modifications). Finally, the ta- 
ble contains the results for SPOT with WDBA minimization, which has the 
longest running time but provides the best results. The automata produced by 
LTL3BA are in sum slightly better than the automata produced by SPOT. Fur- 
ther, LTL3BA seems to be much faster. 

Further, we compare the execution time of translators running on parametric 
formulae from [TT] and [TB]. We use SPOT with the recommended option -r4, 
i.e. with the input formula reduction as the only optimization. To get a compara- 
ble settings of LTL3BA, we switched off the generalized optimization of VWAA. 
We gradually increase the parameter of the formulae until a translator fails to 
finish the translation in one hour limit. The results are depicted in Figure [9j 
Figure [l0| and Figure [TT] 

It is worth mentioning that each automaton produced by LTL3BA for 9 n 
has around half the number of states and half the number of transitions than 
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Fig. 10. Running times of LTL to BA translators on parametric formulae of [TI5] (the 
vertical axes are logarithmic and represent time in seconds, while the horizontal axes 
are linear or logarithmic and represent the parameter n). 



the one produced by SPOT. If we use default settings for SPOT, the automata 
are of the same size as from LTL3BA and the maximal formula is 620 too. The 
other way round, if we add SCC based automata simplification (option -R3) the 
results are small again but the maximal formula computable in an hour is r?ig. 

The graphs show that, in general, LTL3BA is slightly slower than LTL2BA 
and faster than SPOT on small formulae. With increasing parameter, LTL3BA 
outperforms LTL2BA (with exception of S(n) where LTL2BA fails before its 
running time reaches the limit), while SPOT sometimes remains slower, but 
sometimes eventually outperform LTL3BA. 

Finally, we compared SPOT and LTL3BA on parametric formulae from [2]: 



a n = F(pi A F(p 2 A ... A Fp n ) . . .) A F(q 1 A F(q 2 A ... A Fq n ) . . .) 

fi n = F(p A X(p A ... A Xp) . . .) A F(q A X(q A ... A Xq) . . .) 

(3' n = F(p AXp A X 2 p A ... A X' 1 - 1 ^) A F{q A Xq A X 2 q A . . . A X"- 1 ^) 

ip n = GFpi A GFp 2 A ... A GFp n 

e„ = FGpi V FGp 2 V ... V FG Pn 
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Fig. 11. Running times of LTL to BA translators on another parametric formulae 
of |16| (the vertical axes are logarithmic and represent time in seconds, while the 
horizontal axes are linear or logarithmic and represent the parameter n). 



In 2009, Cichori et al. [2] introduced the four parametric formulae and shown 
that their BA representations obtained by both LTL2BA and SPOT are far 
away from their minimal representations (or uncomputable even for the param- 
eter n < 20). Two years later in [5J, the authors of SPOT announced that they 
are able to compute all the mentioned formulae in minimal form. We have re- 
computed the results for all n < 20 by SPOT and LTL3BA and realized that 
LTL3BA returns also the minimal automata but 8 times faster. More precisely, 
the overall computation of SPOT took more than 13 minutes (802 seconds), 
while the computation of LTL3BA took less than 2 minutes (95 seconds). 



9 Conclusion 

We have focused on LTL to BA translations with the stress on their speed- 
up while maintaining outputs of a good quality. We have introduced several 
modifications of LTL2BA on both algorithmic and implementation levels. Among 
others, we have identified an LTL subclass of "alternating" formulae, validity of 
which does not depends on any finite prefix of the word. 



Our experimental results indicate that our modifications have a mostly pos- 
itive effect on each step of the translation. The new translator called LTL3BA 
is usually faster than the original LTL2BA and it produces smaller and more 
deterministic automata. Moreover, comparison of LTL3BA and the current ver- 
sion of SPOT (run without WDBA minimization that is very slow) shows that 
the produced automata are of similar quality and LTL3BA is usually faster. 

LTL3BA has served as an experimental tool to demonstrate that our modifi- 
cations are improvements and their applicability to other LTL to BA translations 
is a subject of further research. 

LTL3BA is publicly available under GPL at: 



http: //sourcef orge .net/projects/ltl3ba/ 
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A lbtt parametters used for formulae generation 



Here are the precise parameters for lbtt to produce the sets Bcnchmarkl and 
Benchmark2 of random formulae. Note that we also added negations of these 
formulae to the sets. 

Bcnchmarkl (100 formulae + their negations): 

Size = 15. . .20 
Propositions = 8 

AbbreviatedOperators = Yes 
GenerateMode = Normal 
OutputMode = NNF 
PropositionPriority = 50 

TruePriority = 1 
FalsePriority = 1 

AndPriority = 10 
OrPriority = 10 
XorPriority = 
EquivalencePriority = 

Bef orePriority = 
StrongReleasePriority = 
WeakUntilPriority = 

UntilPriority = 30 

Def aultOperatorPriority = 15 

The parameters for Bcnchmark2 (500 formulae + their negations) are the same 
except the first one, where set: 



Size = 15. . .30 



